Grafana security release for CVE-2023-3128
Blog post from Grafana Labs
Grafana Labs has released 10.0.1, 9.5.5, 9.4.13, 9.3.16, 9.2.20 and 8.5.27 to fix CVE-2023-3128, a critical (CVSS 9.4) flaw in how Grafana validates Azure Active Directory (AD) accounts. Grafana matched an incoming Azure AD login to an existing Grafana account by the email claim of the token, but an email address is not unique across Azure AD tenants. When Azure AD OAuth is configured with a multi-tenant application, an account from another tenant that carries the same email is matched to the victim's Grafana account, which allows account takeover and unauthorized access to any sensitive data that account can reach.

Users should upgrade. Where that is not immediately possible, two mitigations close the hole: configure allowed_groups so that only members of specific Azure AD groups can sign in, or register a single-tenant application in Azure AD so that only accounts from your own tenant are accepted. The patch removes the unsafe email lookup and matches accounts on the user's unique Azure AD identifier instead; this can break existing authentication workflows in which an account was linked only by email. Grafana Labs asks that vulnerabilities not be disclosed before they are officially announced and provides channels for reporting security issues.
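The following is an added toy model of the matching flaw and of the two mitigations, not Grafana's own code. The claim names `email`, `oid` (immutable object id), `tid` (tenant id) and `groups` are real Azure AD token claims; the user table, the function names `login_vulnerable`, `login_hardened` and `admitted`, and every id value are constructed for the demonstration. The "bob" account, provisioned by email before any Azure AD login, is an assumed scenario used to illustrate the kind of workflow the patch can disrupt.

```python
"""Toy model of the account-matching flaw fixed in CVE-2023-3128.

Added illustration, not Grafana's code. Claim names `email`, `oid`, `tid`
and `groups` are real Azure AD token claims; the user table, handler names
and all id values are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass
class User:
    login: str
    email: str
    oid: Optional[str]  # Azure AD object id; None if never linked to AD (assumed)
    role: str


# Constructed ids (not real tenants, groups or users).
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
ADMINS_GROUP = "33333333-3333-3333-3333-333333333333"
ALICE_OID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
ATTACKER_OID = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
BOB_OID = "cccccccc-cccc-cccc-cccc-cccccccccccc"


def sample_db() -> List[User]:
    """Constructed Grafana user table."""
    return [
        User("alice", "alice@example.com", ALICE_OID, "Admin"),
        # Assumed scenario for the caveat: bob was created by email before ever
        # logging in through Azure AD, so no oid is stored for him.
        User("bob", "bob@example.com", None, "Viewer"),
    ]


# Constructed, already-verified token claim sets. Signature and issuer checks
# are out of scope here; the point is what happens after they pass.
TOKEN_ALICE = {"email": "alice@example.com", "oid": ALICE_OID,
               "tid": HOME_TENANT, "groups": [ADMINS_GROUP]}
# Attacker in their own tenant, with alice's email set on their profile.
TOKEN_ATTACKER = {"email": "alice@example.com", "oid": ATTACKER_OID,
                  "tid": OTHER_TENANT, "groups": []}
TOKEN_BOB = {"email": "bob@example.com", "oid": BOB_OID,
             "tid": HOME_TENANT, "groups": []}


def login_vulnerable(db: List[User], claims: Dict) -> Optional[User]:
    """Pre-fix matching: find the Grafana user by the email claim.
    Email is not unique across Azure AD tenants, so with a multi-tenant app
    any tenant can present a token carrying a victim's email."""
    wanted = claims["email"].lower()
    return next((u for u in db if u.email.lower() == wanted), None)


def login_hardened(db: List[User], claims: Dict) -> Optional[User]:
    """Post-fix matching: key only on the immutable object id `oid`.
    Accounts that were never linked by oid no longer match, which is the
    workflow disruption the advisory warns about."""
    return next((u for u in db if u.oid is not None and u.oid == claims["oid"]), None)


def admitted(claims: Dict, allowed_tenant: Optional[str] = None,
             allowed_groups: Iterable[str] = ()) -> bool:
    """Mitigations for unpatched instances, applied before any account lookup:
    accept only the home tenant (single-tenant app registration) and/or require
    membership in one of the allowed groups (Grafana's allowed_groups setting,
    which takes Azure AD group object ids)."""
    if allowed_tenant is not None and claims.get("tid") != allowed_tenant:
        return False
    allowed = set(allowed_groups)
    if allowed and not allowed.intersection(claims.get("groups", [])):
        return False
    return True


if __name__ == "__main__":
    db = sample_db()
    hit = login_vulnerable(db, TOKEN_ATTACKER)
    print("vulnerable lookup gives attacker:", hit.login if hit else None)
    print("hardened lookup gives attacker:", login_hardened(db, TOKEN_ATTACKER))
    print("attacker admitted with single tenant:",
          admitted(TOKEN_ATTACKER, allowed_tenant=HOME_TENANT))
    print("bob via hardened lookup:", login_hardened(db, TOKEN_BOB))
```

Running it shows the attacker's token landing on alice's Admin account through the email lookup, being rejected by the oid lookup, and being stopped by either mitigation even on the vulnerable path. It also shows the caveat: bob's email-only account no longer matches once matching is by oid. Note that the `groups` claim is only present in a token if the app registration is configured to emit it, so an allowed_groups check against a token without that claim denies everyone.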